Cyber Bites

The Spanish employment agency has been targeted by a ransomware attack which has resulted in hundreds of offices being knocked offline. Marketing agencies have to be conscious of cyber attacks and how it may impact their customers and any databases that they hold. SEPE are the latest in a string of companies to be held ransom by an unexpected cyber attack. The SEPE published a note on their website which said, "currently, work is being...

Adobe has just released patches for critical security problems which were affecting their Connect, Framemaker and Creative Cloud applications. Following Adobe's monthly security update the vulnerability, tracked as CVE-2021-21056, has been patched in the document processor Framemaker. Three vulnerabilities in Adobe's Creative Cloud were also patched - CVE-2021-21068; CVE-2021-21078; and CVE-2021-21069 following the update. Another critical vulnerability tracked as CVE-2021-21085, which is caused by improper input validation, has also been patched in Adobe's Connect software.

Hackers have claimed that they have breached Verkada Inc., a company that provides security cameras to various organisations. The breach affects around 150,000 security cameras that have been installed in hospitals, schools and businesses. Following the breach, security camera feeds from clinics, schools, prisons and psychiatric hospitals have been hijacked, as well as those of businesses such as Tesla and Cloudflare Inc.  

Apple's OF (Offline Finding) technology uses online finder devices running the 'Find My' app to detect the location of missing offline devices (for instance iPads using Bluetooth and AirTags). The security and privacy of Apple's Bluetooth location-tracking system earned praise from researchers who discovered two flaws in the technology. Computer scientists from the Technische Universität Darmstadt in Germany uncovered several issues following a detailed analysis. In fact, this was the first comprehensive security and privacy...

On Wednesday Russia threatened to block the U.S. social media platform if it did not comply with its deletion demands. This came after Twitter's speed was already reduced in retaliation for its alleged failure to remove banned content. Russian authorities had already accused Twitter of failing to delete posts that were supposedly urging children to take part in anti-Kremlin protests. In a statement released by Roskomnadzor, the state communications regulated claims that as of Wednesday...

Yesterday, GitHub users were automatically logged out of their accounts after their sessions were invalidated in order to protect accounts from a potentially dangerous security vulnerability. Last week GitHub received reports that they were being targetted by suspicious behaviour from an external party. This suspicious behaviour related to a rare race condition vulnerability. The vulnerability was rerouting  GitHub users to the web browser of other logged-in users. This meant that the users who were being rerouted...

Early last week researchers at 360Netlab received reports that QNAP NAS devices were being targetted by a new form of attacks. QNAP is a Taiwanese manufacturer of hardware, including network-attached storage (NAS) devices. Internet of Things (IoT) and NAS devices are usually hijacked using credential theft or brute-force attacks. However, with this wave of attacks, it is thought that attacks exploited two vulnerabilities and used remote code execution (RCE). The vulnerabilities have been identified as...

Last year a new bill was passed in India, called the 'Indian agriculture acts of 2020'. Also known as the Farm Bills, these new laws have caused social discontent among farmers, who believe these will harm their livelihoods and make it more difficult to generate revenue. The news laws remove restrictions on how farmers can sell goods and how much they can charge, which has led to thousands of Indian farmers protesting outside of New...

Hafnium, a Chinese-based hacker group has doubled its hack count of Microsoft's Exchange Servers. It is estimated that the group breached nearly 60,000 Servers globally, primarily targeting organisations and their emails. According to the BBC, the European Banking Authority has admitted to being one of the victims. Microsoft was allegedly aware of the vulnerabilities in early January. A report from MIT reports, however, that Hafnium may not be the only threat. In fact, a cybersecurity...

The identities of a third of the living holders of the US government's highest and most prestigious military decoration were stolen and used to purchase goods from military exchanges. The United States Secret Service "is currently investigating a matter in which the personally identifiable information (PII) of 22 of 75 living Congressional Medal of Honor recipients was used to create fraudulent lines of credit at the Army and Air Force Exchange Service (AAFES) in order...